What will 2019 hold for destructive attacks? What are the essential issues in endpoint security in 2019? We spoke with experts from endpoint protection platform provider Carbon Black to find out:
Tom Kellermann, Chief Cybersecurity Officer, Carbon Black:
Continuation of Destructive Attacks & the Resurgence of Stenography
In 2018, we saw a resurgence of Chinese cyber espionage coupled with a surge in destructive attacks. Our latest Incident Response Threat report depicted a widespread adoption of C2 on sleep cycles and a high prevalence of attack victims experiencing island hopping and counter incident response.
In 2019, I’m predicting we’ll see more instances of island hopping, particularly via public cloud infrastructure. We’ll also continue to see a wave of destructive attacks as geopolitical tension continues to manifest itself in cyberspace.
In 2019, we’ll continue to see attackers attempt to counter detection in the form of Vapor worms and IoT worms. For my semi-bold 2019 prediction, I’m saying that steganography makes a comeback.
Paul Drapeau, Enterprise Architect, Carbon Black Threat Analysis Unit:
Breach to Extortion Will Become Common
Attackers have been actively using ransomware to make a quick buck by locking systems and encrypting files but this activity could move from compromise of systems to compromise of personal lives.
Breaches in Facebook and other social media platforms represent a wealth of data to be mined by bad actors. This data could be used to correlate activities between people to find illegal, scandalous or compromising behavior and then leveraged for traditional blackmail at scale. “Pay me the Bitcoins or your spouse/employer gets copies of these direct messages,” an example note might read. We can fight ransomware with anti-malware tools or backups but we depend on giant companies to protect our more personal details.
The breach doesn’t even have to be real to result in extortion attempts, as was seen in 2018 with the mass email scam purporting to have compromising video and passwords of the victims. Imagine an attacker building on data from a breach and fabricating message contents and then demanding “ransom” be paid. This type of attack is definitely more work, more targeted and difficult but the payoff could be there. Victims may be willing to pay more money and pay up more readily when it is their real lives and reputations at stake vs. their digital files.
Stacia Tympanick, Security Strategist, Carbon Black:
Supply Chain Attacks in Healthcare
We will see a lot more supply chain attacks occur within the healthcare industry. Healthcare is such a tough attack surface to protect, because many healthcare organizations grow by acquiring smaller healthcare organizations. There is so much focus on just making sure that devices are discovered and protected on networks, that managing medical devices on top of this opens up a large attack surface. Healthcare is also starting to move to the cloud, so cloud providers should be evaluated under a stern eye to ensure that proper and secure procedures/processes are in place.
Thanks again to Carbon Black’s experts for their time and expertise!